How I Got Here



Fuzzing -> Sulley -> Process Monitor 



Core files, Proofs, DTrace 



Wait... DTrace? 



What is RSol? 



A Library 



Programmatically Debug Solaris in Ruby 



Not an Interactive Debugger 



RSol Architecture Overview 



Core Classes 


Native Extensions 


• RSol 


• NativeBuffer 


• Proofs 


• DisasmSolaris 


• ElfUtils 


• LargeFile 


• SparcInstructionType




• Signal 




• Constant Classes 





RSol API Summary 



attach(to)

run(program)

run_stopped(program)

detach

stop

continue

trace_signal(set)

wait_for_event

read_memory(address, length)

write_memory(address, buffer)

set_register(register, value)

set_breakpoint(address)

unset_breakpoint(address)

disassemble(instructions, start_address)

malloc(size)

hook(address, trampoline, handler)

find_instruction_types(data, flags)



Key RSol Fields 

• .status.pr_lwp.pr_reg.pc



Quick Example 

require 

d = RSol.new

d.attach( ) 

d.stop 

print d 

d. detach and continue 



Debugger vs DTrace 



Debugger

• Easier Generic Solutions

• Can Be Slow

• No Info Loss


DTrace

• Best For Specific Solutions

• Fast

• Can Lose Info



Combine For Much Win 



Future Work 



DTrace! 



Metrics and Fuller Comparisons 



Polished Working Tools 



Actual Ownage. 



Greetz and Propz 



VulnDev - thanks for the servers :D 



Squidlyl - project Sparc USA 



LEH - why I'm here at all 



Schutzey - for putting up with me 



